Get raw text for this example
/*   Waits for any arp request and sends reply to it.     run program as   anettest -d eth0 -f this_file.fws  */
INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined.
arp DEFINE
PARAMETERS: <name> <value>
Defines the substitution which will be applied while reading some values (in parameters to commands and others). <name> will be replaced by <value>. This substitution may be also performed in strings enclosed in apostrophes. In this case the <name> must be enclosed in $ (ex: 'value = $name$'. See also command GDEF
PARAMETERS: <new name> <original name>
Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$'.
.
PARAMETERS: <name> <value>
Defines the substitution which will be applied while reading some values (in parameters to commands and others). <name> will be replaced by <value>. This substitution may be also performed in strings enclosed in apostrophes. In this case the <name> must be enclosed in $ (ex: 'value = $name$'. See also command GDEF
PARAMETERS: <new name> <original name>
Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$'.
.
neededIP 10.179.0.1
// input here the IP address of target host
DEFINE
PARAMETERS: <name> <value>
Defines the substitution which will be applied while reading some values (in parameters to commands and others). <name> will be replaced by <value>. This substitution may be also performed in strings enclosed in apostrophes. In this case the <name> must be enclosed in $ (ex: 'value = $name$'. See also command GDEF
PARAMETERS: <new name> <original name>
Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$'.
.
PARAMETERS: <name> <value>
Defines the substitution which will be applied while reading some values (in parameters to commands and others). <name> will be replaced by <value>. This substitution may be also performed in strings enclosed in apostrophes. In this case the <name> must be enclosed in $ (ex: 'value = $name$'. See also command GDEF
PARAMETERS: <new name> <original name>
Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$'.
.
myMac 00:19:5b:e9:ef:5b VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by recieved packet (while using WAIT command or its analogs), i.e. from recieved packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while recieving packet. The "static" keyword may be ommited only if parameters to command are enclosed in round brackets.
The <name of variable> may appear amoung parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
See "samples/ask_mac.fws", "samples/variables.fws".
victimIP arp.srcip 0.0.0.0 autoset VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by recieved packet (while using WAIT command or its analogs), i.e. from recieved packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while recieving packet. The "static" keyword may be ommited only if parameters to command are enclosed in round brackets.
The <name of variable> may appear amoung parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
See "samples/ask_mac.fws", "samples/variables.fws".
victimMacAdr srcmac 00:16:17:17:4f:d8 autoset
// description of the arp request to wait
INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined.
arp arp.opcode = areq dstmac = 0xffffffffffff arp.dstip = neededIP WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is recieved on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by OR
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT and its analogs. This command does not start waiting. Nevertheless, at once after adding packet may be registered as recieved. If some packet will be registered as recieved before call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waitable ones. Starts waiting simply. Packets may be already added by OR command (or using of UNFIX command).
) then command WAIT will terminate immediately.
command). If any of them is recieved then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <initval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first recieved packet). So several packets may be registered as recieved. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is recieved on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by OR
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT and its analogs. This command does not start waiting. Nevertheless, at once after adding packet may be registered as recieved. If some packet will be registered as recieved before call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waitable ones. Starts waiting simply. Packets may be already added by OR command (or using of UNFIX command).
) then command WAIT will terminate immediately.
command). If any of them is recieved then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <initval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first recieved packet). So several packets may be registered as recieved. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
// waits request
// description of the arp reply
INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined.
arp srcmac = mymac dstmac = victimMacAdr arp.opcode = arep arp.srcmac = mymac arp.dstmac = victimMacAdr arp.srcip = neededIP arp.dstip = victimIP PRINT
PARAMETERS: <message>
Displays the given message. Use symbole in message to indicate that line feed must be performed.
'send reply to $victimIP$, $victimMacAdr$\n'
SEND
PARAMETERS: {accept | drop | any }
In common regime generates the packet defined above. In other regimes (testing packet filter, see command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
and option -c) may simply separate packets one from another, so by this command the current content of buffer will be fixed and the new packet will be registered. The requests after command don't make sense in common regime (only while testing packet filter).
PARAMETERS: {accept | drop | any }
In common regime generates the packet defined above. In other regimes (testing packet filter, see command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
and option -c) may simply separate packets one from another, so by this command the current content of buffer will be fixed and the new packet will be registered. The requests after command don't make sense in common regime (only while testing packet filter).
// sends above packet